Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HTML injection into someone else's website?

Tags:

html

demo

html-injections

I've got a product that embeds into websites similarly to Paypal (customers add my button to their website, users click on this button and once the service is complete I redirect them back to the original website).

I'd like to demo my technology to customers without actually modifying their live website. To that end, is it possible to configure http://stackoverflow.myserver.com/ so it mirrors http://www.stackoverflow.com/ while seamlessly injecting my button?

Meaning, I want to demo the experience of using my button on the live website without actually re-hosting the customer's database on my server.

I know there are security concerns here, so feel free to mention them so long as we meet the requirements. I do not need to demo this for website that uses HTTPS.

More specifically, I would like to demonstrate the idea of financial bounties on Stackoverflow questions by injecting a Paypal button into the page. How would I demo this off http://stackoverflow.myserver.com/ without modifying https://stackoverflow.com/?

REQUEST TO REOPEN: I have reworded the question to be more specific per your request. If you still believe it is too broad, please help me understand your reasoning by posting a comment below.

UPDATE: I posted a follow-up challenge at How to rewrite URLs referenced by Javascript code?

UPDATE2: I discarded the idea of bookmarklets and Greasemonkey because they require customer-side installation/modification. We need to make the process as seamless as possible, otherwise many of get turned off by the process and won't let us pitch.

like image 555
Gili Avatar asked Mar 05 '14 15:03

Gili

1 Answers

I would suggest to create a proxy using a HTTP handler.

In the ProcessRequest you can do a HttpWebRequest to get the content on the other side, alter it and return the adjusted html to the browser. You can rewrite the urls inside to allow the loading of images, etc from the original source.

public void ProcessRequest(HttpContext context)
{
  // get the content using HttpWebRequest
  string html = ...

  // alter it

  // write back the adjusted html
  context.Response.Write(html);
}
like image 129
Patrick Hofman Avatar answered Sep 25 '22 19:09

Patrick Hofman
Sign in to Comment

Related questions

Is there a way to identify orphaned classes in a web app built with HTML, JavaScript, and CSS?
Using iframe to apply CSS media queries to block elements
scrolling overlay div without scrolling entire page
Appending Dropped File to <input type="file" multiple> [duplicate]
Image Decode times from Chrome Timeline dev tool
Children of z-index: 'auto' vs z-index: 0, and what is "stacking context" in CSS?
Blurry images on stock android browser
HTML5 input versus button
Play music from bytearray in html5
Change scroll speed of specific element [closed]
Html table with fixed header and vertical scrollbars on the table body
Capture Document-level Paste event without focused Input or Textarea
Style HTML5 progress tag that reached it's maximum value
Vimeo player doesn't work on Firefox
TinyMCE 4 disable cleanup html
Capturing images in web application on Windows 8.1 tablets
Bind Angular JS ui-bootstrap dropdown toggle to ng-model
Replacement for the DOA <di> tag
Optimizing HTML tables?
html - grayscale + color overlay

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!